Back to Jobs
United States of America Remote (Global)

Alpaca is hiring a DevSecOps Engineer

About the Role

As a DevSecOps Engineer, you will bridge security, development, and operations to build robust, secure systems across cloud environments. Your focus will be on automating security practices throughout the development lifecycle, ensuring infrastructure is resilient, compliant, and rapidly deployable.

Key Responsibilities

  • Design and enforce security within CI/CD pipelines using policy-as-code, IaC scanning, and automated guardrails
  • Implement and maintain secure configurations across Kubernetes and cloud platforms, including identity, networking, and workload protection
  • Lead vulnerability and patch management programs with automated detection, prioritization, and remediation
  • Develop secure deployment patterns such as canary releases and automated rollbacks to reduce operational risk
  • Generate and manage Software Bill of Materials (SBOMs), enforce artifact signing, and strengthen software supply chain integrity
  • Build hardened infrastructure templates and tooling to guide developers toward secure-by-default patterns
  • Own cyber-resiliency practices including disaster recovery validation, backup integrity, and failover testing
  • Enhance detection capabilities through high-fidelity alerts, telemetry, and forensic logging
  • Collaborate with engineering and SecOps on incident response, post-mortems, and risk mitigation
  • Support offensive security initiatives like penetration tests and bug bounty programs, ensuring findings are prioritized and resolved
  • Conduct threat modeling and security reviews for new architectures and services
  • Enforce least privilege access, secure authentication, and secrets lifecycle management
  • Operationalize compliance controls for standards such as SOC 2, ISO 27001, or PCI, and support audit readiness
  • Measure and report on security KPIs including time to detect, remediate, and coverage of automated controls
  • Champion secure coding practices and help teams make informed, risk-based decisions

Qualifications

You bring deep experience in cloud security, automation, and secure delivery pipelines. You’re fluent in scripting languages like Python or Go and have hands-on expertise with Terraform, Kubernetes, container security, and cloud service providers. You’re comfortable working cross-functionally, explaining security tradeoffs clearly, and operating in on-call rotations.

Preferred background includes securing regulated systems such as financial platforms, familiarity with SBOM and software integrity tools like Sigstore, and relevant certifications (e.g., CISSP, OSCP, or cloud security credentials). A degree in Computer Science or related field is valued, but equivalent experience is equally considered.

Environment & Benefits

This is a fully remote, globally distributed role. We support asynchronous collaboration across time zones and value accountability, empathy, and curiosity. You’ll receive a competitive salary, equity, a one-time $500 home office stipend, and a monthly $150 stipend for work-related expenses. We are committed to building a diverse, inclusive team and fostering a developer-first culture with strong open-source values.

Required Skills
DevSecOpsCloud SecurityKubernetesTerraformContainer SecurityInfrastructure as Code (IaC)Software Composition Analysis (SCA)Policy-as-codeCI/CD PipelinesPythonGoCSPsIdentity & Access SecuritySecurity EngineeringSecure CI/CD CSPsKubernetesTerraformContainer securityCI/CDInfrastructure as Code (IaC)Software Composition Analysis (SCA)Policy-as-codeVulnerability managementPatch managementCloud securityIdentity & access securityDevSecOpsIaC securitySecrets scanning
Your first international client?

Don't lose them over invoicing

Clients ghost freelancers with unprofessional invoicing. Glopay gives you a real EU company partnership so they take you seriously from invoice #1.

Instant EU company partnership
Invoice builder with your branding
Automated payment reminders
Real-time payment tracking
Get EU company now
Ready in 24 hours
About company
Alpaca
Alpaca is a US-headquartered self-clearing broker-dealer and brokerage infrastructure for stocks, ETFs, options, crypto, fixed income, 24/5 trading, and more. It provides institutional-grade APIs to financial institutions including broker-dealers, investment advisors, wealth managers, hedge funds, and crypto exchanges across 40 countries.
All jobs at Alpaca Visit website
Job Details
Category security
Posted 19 days ago

Similar Jobs

Other opportunities you might be interested in

ChainGPT

Security Architect - Africa

ChainGPT

Angola Remote (Global)
Smart Working Solutions

Senior Security Engineer, India (Remote, Full-Time) [AS219]

Smart Working Solutions

Ahmedabad Remote (Country)
Roku

Security Software Engineer

Roku

Austin Hybrid
Smartsheet

Senior Software Engineer, Platform Security (Remote from Bulgaria)

Smartsheet

Bulgaria Remote (Country)
Menlo Security

Security Engineer

Menlo Security

United States
Perplexity

Cloud Security Engineer

Perplexity

Remote (Global)

Related Articles

Insights related to this role

Data center rack with network switches and fiber connections, illustrating automated network deployment using CI/CD and network configuration as code.
Technology

Network Configuration as Code: CI/CD for Automation | NVIDIA

4 min 18 days ago
A remote developer working in a well-lit, modern workspace, illustrating a productive environment enabled by a developer experience platform.
Remote Work

Developer Experience Platform: Lessons from Europe

5 min 15 days ago
Home office setup with dual monitors showing Kubernetes dashboards, representing the rise of Kubernetes remote jobs in AI and cloud-native careers 2026.
Job Search

Kubernetes Remote Jobs: AI & Cloud-Native Careers in 2026

5 min a month ago